Latest CVE Feed
-
9.8
CRITICAL CVE-2025-2831
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The man...
Affected Products: library_management_system
- Published: Mar. 27, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Injection
-
6.1
MEDIUM CVE-2025-2481
The MediaView plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at...
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGH CVE-2024-45352
A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code....
- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Injection
-
7.5
HIGH CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been f...
Affected Products: synapse
- Published: Mar. 27, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUM CVE-2025-20230
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could edit and...
- Published: Mar. 26, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Authorization
-
6.3
MEDIUM CVE-2025-30407
Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713....
Affected Products: cyber_protect_cloud_agent
- Published: Mar. 26, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUM CVE-2025-2838
Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is...
Affected Products: gecko_os
- Published: Mar. 26, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Denial of Service
-
8.8
HIGH CVE-2025-2837
Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication ...
Affected Products: gecko_os
- Published: Mar. 26, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Memory Corruption
-
3.3
LOW CVE-2025-20233
In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-...
Affected Products: splunk_app_for_lookup_file_editing
- Published: Mar. 26, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Authorization
-
5.7
MEDIUM CVE-2025-20232
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the "admin" or "power" Splunk roles coul...
- Published: Mar. 26, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Authorization
-
7.1
HIGH CVE-2025-20231
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a se...
- Published: Mar. 26, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Information Disclosure
-
8.0
HIGH CVE-2025-20229
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a...
- Published: Mar. 26, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2025-20228
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of Ap...
- Published: Mar. 26, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUM CVE-2025-20227
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk ro...
- Published: Mar. 26, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Information Disclosure
-
5.7
MEDIUM CVE-2025-20226
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search...
- Published: Mar. 26, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Authorization
-
2.9
LOW CVE-2025-31160
atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop....
Affected Products: atop
- Published: Mar. 26, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Denial of Service
-
8.7
HIGH CVE-2025-2787
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component...
Affected Products: business_hub
- Published: Mar. 26, 2025
- Modified: Mar. 31, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUM CVE-2024-55965
An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not...
Affected Products: appsmith
- Published: Mar. 26, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
7.5
HIGH CVE-2025-30073
An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used...
- Published: Mar. 26, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Authorization
-
7.5
HIGH CVE-2025-28361
Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component....
- Published: Mar. 26, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Information Disclosure